Oracle Secure Backup login.php ora_osb_lcookie command execution
Added: 06/22/2009CVE: CVE-2008-4006
BID: 33177
OSVDB: 51343
Background
Oracle Secure Backup is a centralized tape backup management solution for Oracle Database.Problem
A command execution vulnerability in the Oracle Secure Backup web interface allows remote attackers to execute arbitrary commands specified in the ora_osb_lcookie parameter in an HTTP request for login.php.Resolution
Apply the patch referenced in the Oracle Critical Patch Update for January 2009.References
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=768Limitations
Exploit works on Oracle Secure Backup 10.1.0.3.When exploiting Windows targets, SAINTexploit must be able to bind to port 69/UDP.
When exploiting Linux targets, the "nc" utility must be installed on the target platform.
The IO-Socket-SSL PERL module is required for this exploit to run. This module is available from http://www.cpan.org/modules/by-module/IO/.
Platforms
WindowsLinux
Back to exploit index